Networks that Know Security
Your ideas. Connected.
EBOOK
Section 1
Know the Lay of the Land
“USA has a 23% share of the world’s malicious computer activity. The highest rate of cybercrime among the world’s top 20 countries.”
BusinessWeek / Symantec
Preface
In today’s rapidly evolving world, the modern enterprise has the benefit of many technologies that were unheard of just 10 years ago – the cloud, for instance. However, with every new technology – cloud included – there are new security challenges. With huge numbers of users, devices and data deployed to take advantage of the latest technologies, the enterprise is becoming increasingly vulnerable to data loss, malicious attacks and network instability.
In the era of the cloud, the always-on workforce and high levels of digital literacy, your customers, prospects, staff and suppliers expect 24/7 network access and availability. However, 24/7 access is not enough; your data needs protection from any number of potential security breaches. These can happen when data is inside the cloud or when it is in transit. Multiple layers of protection are required to safeguard your information, within physical and virtual environments, from hackers and their various modes of attack. You need a multidimensional approach to minimize the risks you face.
Today’s cybercriminal is more prolific, elusive and unpredictable than ever before. They might be stealing your data, your intellectual property or your identity. They can penetrate your accounts, compromise your data or take down your site. Regardless, their reputation is enhanced and yours could be destroyed.
The channels used by such criminals are commonplace: online stores, forums, email, private chat, open chat rooms – the list goes on. The cybercriminal’s reputation within these communities is a huge driver – for both the skilled and non-skilled hacker.
With the advent and popularity of anonymous crypto-currencies, such as Bitcoin, the basic economics lend themselves to more crime, not less. Yes, law enforcement is getting better – after all, bigger targets get more attention. However, media coverage of these high-profile attacks can glamorize the practice and attract newcomers to this digital underworld.
Section 2
Know Your Vulnerabilities
“Financially-motivated criminals will naturally seek out data that is easily converted to cash, such as bank information and payment cards, while espionage groups target internal corporate data and trade secrets.”
Verizon, 2014 Data Breach Investigations Report
According to Forrester, 46% of businesses plan to increase their security budgets on network defenses during 2014. It’s also reported that the focus will be on counter-threat measures, such as intelligence services, wireless security, next-generation firewalls and malware detection. (Source: Understand the State of Network Security: 2013 to 2014, Forrester Research, Inc., January 6, 2014).
This form of tactical response is hardly surprising when the economics of cybercrime are becoming more and more lucrative for the "actors" involved. Indeed, a recent RAND report, released in association with Juniper Networks, suggests that cybercrime – in some instances – can be more profitable than the black market drug trade. With low barriers to entry, less personal risk and steeper rewards, there’s an argument that the incentives to attack will always outpace the
That doomsday scenario could well come true for the unprepared, the under-invested and the misinformed enterprises that are held back by sub-par network, data center and cloud infrastructures. After all, these are the types of organizations that cybercriminals prey upon time and time again. If the economics stack up, why wouldn’t they?
“Cyber black markets are a maturing, multi-billion-dollar economy, with robust infrastructure and social organization.”
RAND Corporation, Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar
Multiple layers of security must continually be revisited by security professionals. The tendency is to focus on one or two areas for maximum strength, but this can lead to vulnerabilities on other levels. While there tends to be good control at the end point and perimeter firewall, where it’s easiest to manage, elsewhere it’s a different story.
In the so-called "soft" middle layer – within apps, the network and data center – businesses are often left vulnerable or inert by needless complexity – complexity that is caused by proprietary, legacy systems, tools, policies and non-standard protocols. All of this, of course, causes a real
Know Your Biggest Threats:
Insiders, hackers and ineffective security solutions
These combined internal and external factors are the core challenges facing the modern enterprise. Rarely do long-term threats to corporate security come from a single, manageable source.
Social, big data, mobility and cloud
These are the Gartner Nexus of Forces, which are major future threats to enterprise security. The intersection between social and the business is a key vulnerability, as is data spawn.
Ineffective traditional controls
Old-school, slow antivirus and vulnerability signature updates can be ineffective against the ever-changing attack methods of cyber criminals.
End users and end points
Section 3
Know Your Opportunities
Passive defenses such as simply monitoring and/or blocking traffic are important, but are no longer enough. Instead, firms should be looking to deploy a strategy that disrupts the economic benefits of hacking. In short, hitting them where it hurts – in the pocket.
Enterprises that can impose an active defense utilizing proactive blocking techniques are well positioned to make hacking more expensive and time consuming for the intruder. And, in doing so, they either deflect the intruder's attention away from the perimeter or nullify the behavior entirely.
Securing your data centers, edge, and cloud environments is an ongoing challenge. Your adversaries – cyber criminals, nation state attackers, hacktivists – continue to develop sophisticated, invasive techniques, resulting in a continually evolving threat landscape. Traditional firewalls focused on Layer 3 and 4 inspection are not sufficient in today’s threat environment. Next-gen firewalls are powerful, yet not designed to protect from the velocity and variety of new attacks. In today’s world, your firewall must be able to take immediate action based on known or emerging intelligence. It must identify attacks accurately and act quickly.
With the shift to cloud architectures, traditional firewall administration becomes burdensome and fraught with human error due to the sheer complexity of distributed security. What’s needed is a firewall that can adapt to emerging threats in near real time, in an automated and dynamic way.
Opportunities/Challenges
As you build and manage a traditional or cloud data center, security is a fundamental element. Balancing the need for users to access applications with the need to protect your digital assets is no easy task. Consider some of the following challenges:
Proprietary and Inflexible Security Platforms – While some firewall solutions leverage cloud-based threat intelligence, the data involved is often proprietary, preconfigured on the firewall, and inflexible, not allowing you to select or exert any control over the information provided.
Security Inefficacy – The market is saturated with sources claiming to offer threat intelligence, though most of the available data feeds are not immediately actionable. Your firewall, therefore, is unable to use those data feeds directly within policy, providing less than optimal protection.
Static Address Groups – Administrators typically rely on static address lists to apply inspection or blocking and must manually update the firewall policy every time any of these lists change. This is cumbersome and difficult to maintain.
Firewall Performance – Firewall services, such as IPS and application inspection, tend to lead to dramatic performance reductions. In particular, intelligence data feed entries can quickly add up to the thousands (if not more) on a single firewall device, causing performance issues that can lead to unnecessary upgrades. And your firewall may not be utilizing threat intelligence in a way that maximizes the firewall’s resources.
Decentralized Policy Management – As the number of firewalls increases across your network and you need consistent policies across the firewall estate, a reliable, centralized web-based management solution is critical.
This is just one example of the agility you can get from a high level of security intelligence. The ability to make security decisions on the fly, based on new information, will be a critical defensive weapon against cybercriminals. Knowing other dynamic security information such as updated command and control centers (to defend against botnets), up-to-the-second worm and virus signatures, or customized feeds focused on a company’s vertical businesses can all be critical to protecting your business.
“Corporates need to look at the actual bang-for-the-buck they are receiving from their IT security systems. They also need to remove the old layers of technology and refresh their security.”
Andrew Rose, Forrester Research's Principal Analyst, Security & Risk as quoted in “Forrester
“The hacker market - once a varied landscape of discrete, ad hoc
“Within the next year, 22% of organizations’ technology investments will be allocated to security.”
Network World, 2014 Technology Influencer Study
Pure-play vendors provide only one part of the solution, meaning businesses tend to have more than “one throat to choke” when it comes to security and networking. As firms ratchet services up and down across multiple environments with more speed than ever before, it’s important to be able to manage multiple security gateways and devices – such as firewalls, routers and switches – using a common platform.
The modern enterprise needs to grow its security as its network grows, ensuring that it has a scalable, next-generation firewall to defend its servers.
A firewall that delivers without compromising business continuity. A firewall that can detect threats based on correlation of data using smart analytics. A firewall that can identify attackers and determine the nature of the threat.
Section 4
Know Your Checklist
What are the key attributes to look for when building a secure network?
Reliable and secure hardware using open interfaces and standard protocols
Ability to protect traffic at high speeds
Programmable hardware that adapts to changes
Ability to alter throughput, latency and connectivity
Layered security in the network, firewall, and application
Policy management for physical and virtual environments
One operating system and language across security and network
Network and security automation through APIs
High resiliency due to separate data and control plane architecture
Protection of traditional and virtual workloads
Copyright © August 2014, Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.